| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Troubles with changing password for SYS in password file
On Fri, 7 Dec 2007 04:33:31 -0800 (PST), mariok
<mario.kackovic_at_gmail.com> wrote:
>On 7. Dec., 11:43 h., sybrandb <sybra..._at_gmail.com> wrote:
>> On Dec 6, 7:09 pm, mariok <mario.kacko..._at_gmail.com> wrote:
>>
>>
>>
>>
>>
>> > Extract from manual tells:
>>
>> > "If you issue the ALTER USER statement to change the password for SYS
>> > after connecting to the database, both the password stored in the data
>> > dictionary and the password stored in the password file are updated,
>> > but..."
>>
>> > on my O10gR2 database it works as follows:
>>
>> > 18:37:15 SQL> conn sys/oracle_at_orcl as sysdba
>> > Connected.
>> > 18:46:27 SQL> select username, password from dba_users where
>> > username='SYS';
>>
>> > USERNAME PASSWORD
>> > --------------- ------------------------------
>> > SYS 8A8F025737A9097A
>>
>> > 18:48:12 SQL> alter user sys identified by ora;
>>
>> > User altered.
>>
>> > 18:48:59 SQL> select username, password from dba_users where
>> > username='SYS';
>>
>> > USERNAME PASSWORD
>> > --------------- ------------------------------
>> > SYS 03EA201D12FA4679
>>
>> > 18:49:02 SQL> conn sys/ora_at_orcl as sysdba
>> > Connected.
>> > 18:49:17 SQL> alter user sys identified by values
>> > '8A8F025737A9097A'; !!! password is oracle !!!
>>
>> > User altered.
>>
>> > 18:50:21 SQL> conn sys/oracle_at_orcl as sysdba
>> > ERROR:
>> > ORA-01031: insufficient privileges !!! I cannot connect
>> > because password isn't changed in passwordfile !!!
>>
>> > Warning: You are no longer connected to ORACLE.
>> > 18:50:31 SQL> conn sys/ora_at_orcl as sysdba
>> > Connected.
>> > 18:51:14 SQL> alter user sys identified by oracle;
>>
>> > User altered.
>>
>> > 18:51:25 SQL> select username, password from dba_users where
>> > username='SYS';
>>
>> > USERNAME PASSWORD
>> > --------------- ------------------------------
>> > SYS 8A8F025737A9097A
>>
>> > 18:51:34 SQL> conn sys/oracle_at_orcl as sysdba
>> > Connected.
>> > 18:51:49 SQL> disc
>> > Disconnected from Oracle Database 10g Enterprise Edition Release
>> > 10.2.0.1.0 - Production
>> > With the Partitioning, OLAP and Data Mining options
>>
>> > So, my conclusion (is that truth?):
>>
>> > I can change password for sys in password file with "alter user sys
>> > identified by <passwd>" statement, but
>> > I cannot do that with "alter user sys identified by values '<hash>' "
>> > statement.
>>
>> > Is there anybody who can tell me how to change password for sys in
>> > password file without providing the password itself?
>>
>> IMO disallowing alter user identified by values for SYS is a very good
>> idea of Oracle.
>> If you would allow this this would mean anyone can override the SYS
>> password.
>> So actually I don't see the problem, or you must be changing your SYS
>> password on a crowded public place like St Peter's Square.
>>
>> --
>> Sybrand Bakker
>> Senior Oracle DBA- Skry? citovaný text -
>>
>> - Zobrazi? citovaný text -
>
>Thanks for reply
>
>But I only wanted to know if there is any way how to change password
>for sys except "alter user" statement or orapwd utility because of
>unencrypted password.
>
>Mario K.
I don't see the problem.
Do you have 100 people looking over your shoulder?
Do you work on St. Peters Square?
In front of1600 Pennsylviana Avenue?
If so or if you are a really slow typist, try connecting as SYS and
use the password command, or write a SQL script using the ACCEPT
command with the HIDE clause and the ALTER user command
For the ACCEPT command see
http://download.oracle.com/docs/cd/B19306_01/server.102/b14357/ch12005.htm#sthref1777
Hopefully you didn't hardcode the SYS password in all of your scripts.
Hth
-- Sybrand Bakker Senior Oracle DBAReceived on Fri Dec 07 2007 - 16:04:16 CST
 |
 |